Platform
dell
Component
dell-emc-cloudlink
Fixed in
7.1.3
CVE-2022-34379 describes an Authentication Bypass vulnerability affecting Dell EMC CloudLink versions prior to 7.1.3. This flaw allows a remote attacker who knows Active Directory usernames to potentially bypass authentication controls and gain unauthorized access to the system. The vulnerability was published on September 1, 2022, and a fix is available in version 7.1.3.
The impact of CVE-2022-34379 is severe. Successful exploitation allows an attacker to bypass authentication and gain unauthorized access to the Dell EMC CloudLink system. This could lead to data breaches, system compromise, and potential disruption of services. Attackers could leverage this access to steal sensitive data, modify configurations, or even gain control of the entire CloudLink environment. The ability to leverage existing Active Directory credentials significantly lowers the barrier to entry for attackers, increasing the likelihood of exploitation.
CVE-2022-34379 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's severity and ease of exploitation (requiring only knowledge of Active Directory usernames) suggest a potential for future exploitation. The vulnerability was publicly disclosed on September 1, 2022.
Organizations heavily reliant on Dell EMC CloudLink for their cloud management and orchestration needs are at significant risk. Specifically, environments with weak Active Directory password policies or those lacking multi-factor authentication are particularly vulnerable. Shared hosting environments utilizing CloudLink also present a heightened risk due to potential cross-tenant access.
• windows / dell:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | Where-Object { $_.Message -match 'CloudLink' }
• linux / server:
journalctl -u cloudlink | grep -i authentication
• generic web:
curl -sI https://<cloudlink_ip>/admin/login.jsp | grep -i 'WWW-Authenticate'
Exploit Status
EPSS
1.41% (80th percentile)
CVSS Vector
The primary mitigation for CVE-2022-34379 is to upgrade Dell EMC CloudLink to version 7.1.3 or later. If immediate upgrading is not feasible, consider implementing stricter Active Directory password policies and multi-factor authentication to reduce the risk of credential compromise. Review and restrict access permissions within CloudLink to limit the potential impact of a successful breach. Monitor CloudLink logs for suspicious authentication attempts and unauthorized access patterns.
Upgrade Dell EMC CloudLink to version 7.1.3 or later. This update fixes the authentication bypass vulnerability. See the Dell security bulletin for further details and upgrade instructions.
CVE-2022-34379 is a critical vulnerability in Dell EMC CloudLink versions prior to 7.1.3 that allows remote attackers with Active Directory username knowledge to bypass authentication and gain unauthorized access.
You are affected if you are running Dell EMC CloudLink versions prior to 7.1.3. Verify your version and upgrade immediately if vulnerable.
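The version check described above, as an added example (not code from Dell or from this page): it flags inventory entries older than the 7.1.3 fix version. The inventory layout, the hostnames and the dotted version strings are assumptions constructed for illustration.

```python
import re

FIXED_IN = (7, 1, 3)  # "Fixed in" version stated on this page

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = """\
cl-center-01  7.1.2
cl-center-02  7.1.3
cl-center-03  7.1.10
cl-center-04  7.0
cl-center-05  7.1.2-b114
cl-center-06  unknown
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None if text is not a dotted version.

    Comparison must be numeric: as strings "7.1.10" sorts before "7.1.3".
    A trailing build suffix such as "-b114" is ignored (assumed format);
    missing components count as 0, so "7.0" becomes (7, 0, 0).
    """
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(?:[-+_ ].*)?", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """Map a version string to 'affected', 'fixed' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # never report an unparseable version as safe
    return "affected" if version < FIXED_IN else "fixed"

def triage(inventory_text):
    """Return {host: status} for lines of the form '<host> <version>'."""
    result = {}
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 1)
        result[fields[0]] = classify(fields[1] if len(fields) > 1 else "")
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as `unknown` need a manual version check rather than being counted as patched.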
Upgrade Dell EMC CloudLink to version 7.1.3 or later to remediate the vulnerability. Implement stricter Active Directory policies as an interim measure.
While no widespread exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a potential for future attacks.
Refer to the official Dell Security Advisory: https://www.dell.com/support/kbdoc/en-us/000193568/security-update-for-dell-emc-cloudlink-authentication-bypass-vulnerability